Fingerprint-based unlocking shows up in latest iOS 7 beta

The latest iOS7 beta arrived in developers' hands last night, and curious folks immediately tore the build apart looking for clues about the new iPhone (or iPhones) expected in the fourth quarter. ExtremeTech (among others) is reporting that as a result of that digging, it has unearthed confirmation that fingerprint scanning will be a thing in properly equipped iPhones and iPads with iOS7.

The XML file pictured above came from the BiometricKitUI bundle, and it appears to describe images that will displayed on the screen when the user registers his or her fingerprints with the device. The files indicate two things: that the iDevice described will support fingerprint scanning, and that the scanner will be located on the Home button.

It's tempting to read more into the image than it actually shows. The obvious conclusion is that fingerprint-enabled iDevices will be unlockable with a thumbprint, but it's unclear whether the fingerprint scanning will be made available to other applications. Also unknown at this point is how seamless an experience the fingerprint scanning might be; a flagship-type feature like fingerprint scanning on a flagship product like a new iPhone needs to be light, fast, and "transparent"—it must pick up fingerprints the first time, without taking ten seconds or requiring the user to reposition his or thumb over and over again.

Lee Hutchinson
Lee is the Senior Technology Editor at Ars and oversees gadget, automotive, IT, and culture content. He also knows stuff about enterprise storage, security, and manned space flight. Lee is based in Houston, TX. Emaillee.hutchinson@arstechnica.com//Twitter@Lee_Ars

78 Reader Comments

It would be ideal if you could authorize multiple people's fingerprints to unlock the phone. My phone is usually more accessible than my wife's when we are out and she unlocks and uses it often. If its more convenient than a short pass code I'm all for it unless it will only recognize one persons prints.

This can be a tough thing to implement / pull off. But then again Apple has a history of making tough to pull off implementations seamless.

Yes, but big risk and IMHO small reward. If this doesn't work seamlessly and fast, it will be a huge PR failure. If it does work seamlessly and fast I don't see this as a must have feature that will lure Android or WP loyalists to buy an iPhone and from asking around, I don't see many iPhone users that say they will upgrade for this feature.

I'm on board for this. I've integrated a lot of my personal stuff into my phone (as I'm sure many have) including banking, cloud storage, emails, etc. While Find My iPhone gives me a little comfort in terms of how I could deal with my phone getting stolen and compromised, at least something like this could ensure they won't have easy access to the content before I can lock/wipe it. I know there's the passcode feature, but as my fiancee can testify, it's obnoxious to type in every time you open your phone, and hopefully this feature makes unlocking relatively instant.

So now when you have your iPad stolen, they'll have to steal a thumb as well?

Seriously, I hope this works. I have an older Toshiba laptop that had this feature and it did not work at all and lord knows I spent enough time trying to make it work. Someone will crack the problem, but after Maps and Siri I have my doubts.

It's still not going to stop me from grabbing one first day out of the gate because I'm a couple of generations back and am looking forward to the smaller form factor and faster speed.

my old motorola atrix had this. It was on the power button on the top back of the phone. Swipe one of your authorized fingers and it unlocks. Very fast and I had little issues with it. Worked better for me than the facial recognition stuff.

This can be a tough thing to implement / pull off. But then again Apple has a history of making tough to pull off implementations seamless.

Yes, but big risk and IMHO small reward. If this doesn't work seamlessly and fast, it will be a huge PR failure. If it does work seamlessly and fast I don't see this as a must have feature that will lure Android or WP loyalists to buy an iPhone and from asking around, I don't see many iPhone users that say they will upgrade for this feature.

That would hardly be the sole purpose of this feature, don't you think? A biometric home button could serve many purposes beyond unlocking the phone.

With as much sensitive data as we all have coursing through our mobile devices, which is now fairly easy to access without authorization, a biometric home button could be immensely valuable as an integral part of an across-the-board campaign of personal data security in iOS 7. It would span Passbook and payment services now, and could involve or enable services so far only rumored. There is no pass code to forget, get stolen, or even just slow you down. And it could secure any number of services almost transparently.

If they integrate this throughout the OS, such a "Fort Knox" posture toward personal data security, I think, just might be a feature to draw some attention away from other platforms.

If it's an optional feature, and I can't see why it shouldn't be, what is the problem if it's not that "seamless and fast", if it's not heavily advertised. For all we know at this point, it could be a minor feature for people that keeps forgetting their passcode or think biometrics are fancy.

I for one think it won't work as good as you assume, and Apple will do well to not market it as a major feature, but more as a nice bonus. I can't see any reason why the hardware should work better than the ones already on the market and those are pretty annoying at times in my opinion.

Here's to hoping it will work well, with a healthy dose of skepticism.

Exactly! On a more serious note, I've got bluetooth in my truck and I use it all the time except when trying to dial out. This isn't the only but probably the biggest reason I don't use a PIN or passcode on my phone.

This would be a huge draw for me as I contemplate whether I will continue in the Android ecosystem or jump ship to Apple-land from my original Motorola Atrix. The Atrix, as pointed out by others, has this feature on the power button. It has always worked well for me, and the convenience of it (versus passcode input) is a major plus.

a flagship-type feature like fingerprint scanning on a flagship product like a new iPhone needs to be light, fast, and "transparent"—it must pick up fingerprints the first time, without taking ten seconds or requiring the user to reposition his or thumb over and over again.

This shouldn't be too challenging to achieve. The fingerprint reader in my old notebook (circa 2008) did this with no trouble using one of those strip readers you slide your finger over embedded into the palm rest. Only had a read failure if I had my hand at a very weird angle. Current notebook has same feature via a Biometric Coprocessor from AuthenTec Systems -- a company I believe Apple purchased. Can log in to different accounts depending on what finger was swiped and allows up to 10 fingers to be registered per stored credential. (I think there may be a limit on how many total fingers can be registered, but iOS doesn't support multiple users yet anyway, right?)

Yes, but big risk and IMHO small reward. If this doesn't work seamlessly and fast, it will be a huge PR failure. If it does work seamlessly and fast I don't see this as a must have feature that will lure Android or WP loyalists to buy an iPhone and from asking around, I don't see many iPhone users that say they will upgrade for this feature.

I think at this (valid) point applies to pretty much all features a new iPhone could have.The "easy" things have been done, so have the things with huge rewards. Every new feature will be a risk, and no single feature will lure anybody from the competition (if it ever did). Yet, steady improvement, even in small steps, is simply necessary to build an attractive platform.

What I find curious is, however, that there are apparently two different resources for left- and right-handed users. How would they decide that on the tutorial screen, i.e. presumably before any thumbs have been scanned.

If this works well and it is seamless with apps and websites, this could be a massive win for everyone drowning in a pile of different user accounts and passwords. At this point, it's very much something that affects almost everyone. This is pretty terrible at work even where they actively try to minimize this problem. Add-on single sign on software usually adds it's own set of problems.

How many people do you know that use the same password for their primary email address, bank account, social networks, and a three dozen other websites with questionable security practices? Maybe this could generate secure passwords and use your face (though front-facing camera) and thumbprint simultaneously. Sure, I use 1Password already but something like that is never as robust/easy to use as something built into the OS and hardware.

Even if all it does is allow you to unlock the phone quickly without a passcode or use the App Store without entering an Apple ID password, that's still significant.

Does this actually prove that a fingerprint sensor/unlock is going to be used?

As far as I can tell, the code only describes 2 on-screen images, and they're not conclusive - indeed they could just be generic images for guiding new users through the basic usage & security features of your new phone:

1)"Photo of a person holding iPhone with their right hand, while touching the home button with their thumb"

Well that could be somebody pressing a normal home button, in the normal manner, as has been done since 2007. There does not have to be a fingerprint sensor for you to use an iPhone in this exact way.

2)"Fingerprint that changes colour during the setup process"

This could just be a general reference to "security". If the image was of a generic padlock (a common image in security features) would that mean your phone actually had a keyhole?

If this works well and it is seamless with apps and websites, this could be a massive win for everyone drowning in a pile of different user accounts and passwords. At this point, it's very much something that affects almost everyone. This is pretty terrible at work even where they actively try to minimize this problem. Add-on single sign on software usually adds it's own set of problems.

How many people do you know that use the same password for their primary email address, bank account, and a three dozen other websites? Maybe this could generate secure passwords and use your face (though front-facing camera) and thumbprint simultaneously. Sure, I use 1Password already but something like that is never as robust/easy to use as something built into the OS and hardware.

Even if all it does is allow you to unlock the phone quickly without a passcode or use the App Store without entering an Apple ID password, that's still significant.

Does this actually prove that a fingerprint sensor/unlock is going to be used?

As far as I can tell, the code only describes 2 on-screen images, and they're not conclusive - indeed they could just be generic images for guiding new users through the basic usage & security features of your new phone:

1)"Photo of a person holding iPhone with their right hand, while touching the home button with their thumb"

Well that could be somebody pressing a normal home button, in the normal manner, as has been done since 2007. There does not have to be a fingerprint sensor for you to use an iPhone in this exact way.

2)"Fingerprint that changes colour during the setup process"

This could just be a general reference to "security". If the image was of a generic padlock (a common image in security features) would that mean your phone actually had a keyhole?

Just a thought before we jump to conclusions...

I guess the fact that the XML file containing this code came from the BiometricKitUI bundle might lead us to believe that it is indeed related to a fingerprint sensor.

I think Apple MUST add some value to their flagship phone to make people buy it. Just an alu case (as opposed to a plastic case on a cheaper iPhone) won't cut it. A fingerprint sensor could do the trick especially if combined with a password manager.

I have to agree though that Apple has fumbled around often enough in the last years to make me wait before calling this a great thing to have.

If fingerprint scanners are implemented on mobile devices it is only a matter of time before lowlifes start cutting people's fingers off when they steal their devices. Only a matter of time. We live in a damn Philip K Dick novel!

Besides. Mythbusters much? They showed how relatively easy it is to hack into a fingerprint scanner. A scanned and printed fingerprint (yeah a piece of paper) was recognized as a valid fingerprint. You only got 10 possible passwords there. Once someone swipes your coffee mug off your desk and lifts prints off it you won't be able to secure anything ever again.

Does this actually prove that a fingerprint sensor/unlock is going to be used?

As far as I can tell, the code only describes 2 on-screen images, and they're not conclusive - indeed they could just be generic images for guiding new users through the basic usage & security features of your new phone:

1)"Photo of a person holding iPhone with their right hand, while touching the home button with their thumb"

Well that could be somebody pressing a normal home button, in the normal manner, as has been done since 2007. There does not have to be a fingerprint sensor for you to use an iPhone in this exact way.

2)"Fingerprint that changes colour during the setup process"

This could just be a general reference to "security". If the image was of a generic padlock (a common image in security features) would that mean your phone actually had a keyhole?

Just a thought before we jump to conclusions...

I guess the fact that the XML file containing this code came from the BiometricKitUI bundle might lead us to believe that it is indeed related to a fingerprint sensor.

Thanks for the clarification, my knowledge is not that great (or I missed it in the article)

As a side question, how effective are fingerprint scanners on laptops?I know a few people who's work-issue laptops have them, but nobody uses them.Are they unreliable? Ineffective?Does *anybody* use them, after the novelty has worn off?Surely this is relevant to adding one to a phone.

Also, as home buttons are an often-replaced item on iPhones, how much will this push up the cost of repair?

Besides. Mythbusters much? They showed how relatively easy it is to hack into a fingerprint scanner. A scanned and printed fingerprint (yeah a piece of paper) was recognized as a valid fingerprint. You only got 10 possible passwords there. Once someone swipes your coffee mug off your desk and lifts prints off it you won't be able to secure anything ever again.

I don't think that anyone would argue that fingerprint forging isn't already a vulnerability. I doubt that if you're using fingerprint authentication that it'll be the only authentication token. I suspect that Apple would allow multi-factor authentication for those who are interested in enhancing security. For the users who don't have a passcode because it's too big of a hassle to type in all the time (which I suspect is a majority of non-technical users) then bio-authentication is an improvement over an un-authenticated swipe. For those of us who use passcodes already this simply improves the security model. Is it unassailable? No, and no security system is. Is it an improvement over the current authentication scheme? Absolutely.

If fingerprint scanners are implemented on mobile devices it is only a matter of time before lowlifes start cutting people's fingers off when they steal their devices. Only a matter of time. We live in a damn Philip K Dick novel!

Valid point, if you could actually resell an iPhone with a 3rd party finger. And if you're interested in the data

Quote:

Besides. Mythbusters much? They showed how relatively easy it is to hack into a fingerprint scanner.

*A* fingerprint scanner. Certainly not all of them can be fooled by trivial means.

Also, as home buttons are an often-replaced item on iPhones, how much will this push up the cost of repair?

Hmm, I wonder if the scanner could be used to make the home button non-physical. It could prevent accidental touches easily by detecting the finger's direction and surface area (as an approximation of pressure). That would be a huge improvement over regular sensor buttons.

This can be a tough thing to implement / pull off. But then again Apple has a history of making tough to pull off implementations seamless.

Yes, but big risk and IMHO small reward. If this doesn't work seamlessly and fast, it will be a huge PR failure. If it does work seamlessly and fast I don't see this as a must have feature that will lure Android or WP loyalists to buy an iPhone and from asking around, I don't see many iPhone users that say they will upgrade for this feature.

they must be planing on doing this with the camera, I cannot see Apple putting a dedicated fingerprint sensor on the device.

It would be a nice next feature as I currently use a fingerprint sensor to log into my laptop all the time.

Valid point, if you could actually resell an iPhone with a 3rd party finger. And if you're interested in the data

Street thug won't give it as much thought as you just did. They will want a working phone to steal and they have enough brain cells (about a total of 2) to recognize people are now using fingerprints to get into the phone. And they need the fingerprint to get the phone to work. Takes too much effort to beat a password/pin out of someone. But a finger? That's easy.

Yeah I know this does not fit in your world view. But the streets in the big cities are full of people who would do this. There are neighborhoods where they'd beat you and leave you for dead if they liked and wanted to take your jacket or sneakers.

I don't care if any pro can get around this security. Its purpose, to me, is keeping my data safe from Joe Public if I accidentally leave my phone somewhere. I love the fingerprint reader in my HP EliteBook. If a phone reader works that well it'll be a smash hit with me.

[]quote*A* fingerprint scanner. Certainly not all of them can be fooled by trivial means.[/quote]

Didn't they have several fingerprint scanners and hacked into all of them? One needed a silicone imprint of a fingerprint; was not fooled by a piece of paper. Another one let anyone in by scanning a gummy bear. So yeah there's definitely variations.

A challenge! I work in the industry and get all these gadgets for free. When Apple release a device with a fingerprint scanner I'll get one and then bypass the fingerprint scanner. I'll post the results on Ars.